2. 程式人生 > >vpn搭建腳本,l2tp,centos7

vpn搭建腳本,l2tp,centos7

阿新 發佈:2017-07-09
vpn ppp l2tp

本腳本有些是來自網上的參數,經過測成功才發不出來


#!/bin/bash

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

export PATH

export LANG=zh_CN.UTF-8

#############################################################


#檢測是否是root用戶

if [[ $(id -u) != "0" ]]; then

printf "\e[42m\e[31mError: You must be root to run this install script.\e[0m\n"

exit 1

fi


#檢測是否是CentOS 7或者RHEL 7

if [[ $(grep "release 7." /etc/redhat-release 2>/dev/null | wc -l) -eq 0 ]]; then

printf "\e[42m\e[31mError: Your OS is NOT CentOS 7 or RHEL 7.\e[0m\n"

printf "\e[42m\e[31mThis install script is ONLY for CentOS 7 and RHEL 7.\e[0m\n"

exit 1

fi

clear




#獲取服務器IP

serverip=$(ifconfig -a |grep -w "inet"| grep -v "127.0.0.1" |awk ‘{print $2;}‘)

printf "\e[33m$serverip\e[0m is the server IP?"

printf "If \e[33m$serverip\e[0m is \e[33mcorrect\e[0m, press enter directly."

printf "If \e[33m$serverip\e[0m is \e[33mincorrect\e[0m, please input your server IP."

printf "(Default server IP: \e[33m$serverip\e[0m):"

read serveriptmp

if [[ -n "$serveriptmp" ]]; then

serverip=$serveriptmp

fi


#獲取網卡接口名稱

ethlist=$(ifconfig | grep ": flags" | cut -d ":" -f1)

eth=$(printf "$ethlist\n" | head -n 1)

if [[ $(printf "$ethlist\n" | wc -l) -gt 2 ]]; then

echo ======================================

echo "Network Interface list:"

printf "\e[33m$ethlist\e[0m\n"

echo ======================================

echo "Which network interface you want to listen for ocserv?"

printf "Default network interface is \e[33m$eth\e[0m, let it blank to use default network interface: "

read ethtmp

if [ -n "$ethtmp" ]; then

eth=$ethtmp

fi

fi


#設置VPN撥號後分配的IP段

iprange="10.0.1"

echo "Please input IP-Range:"

printf "(Default IP-Range: \e[33m$iprange\e[0m): "

read iprangetmp

if [[ -n "$iprangetmp" ]]; then

iprange=$iprangetmp

fi


#設置dns

clientdns="119.29.29.29"

echo "Please input client DNS-server:"

printf "(Default VPN client DNS-server: \e[33m119.29.29.29\e[0m): "

read client

if [[ -n "$client" ]]; then

clientdns=$client

fi


clientdns02="8.8.8.8"

echo "Please input client DNS-server:"

printf "(Default VPN client DNS-server: \e[33m8.8.8.8\e[0m): "

read client

if [[ -n "$client" ]]; then

clientdns02=$client

fi


#設置預共享密鑰

mypsk="sadoc.cn"

echo "Please input PSK:"

printf "(Default PSK: \e[33msadoc.cn\e[0m): "

read mypsktmp

if [[ -n "$mypsktmp" ]]; then

mypsk=$mypsktmp

fi


#設置VPN用戶名

username="sadoc.cn"

echo "Please input VPN username:"

printf "(Default VPN username: \e[33msadoc.cn\e[0m): "

read usernametmp

if [[ -n "$usernametmp" ]]; then

username=$usernametmp

fi


#隨機密碼

randstr() {

index=0

str=""

for i in {a..z}; do arr[index]=$i; index=$(expr ${index} + 1); done

for i in {A..Z}; do arr[index]=$i; index=$(expr ${index} + 1); done

for i in {0..9}; do arr[index]=$i; index=$(expr ${index} + 1); done

for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done

echo $str

}


#設置VPN用戶密碼

password=$(randstr)

printf "Please input \e[33m$username\e[0m‘s password:\n"

printf "Default password is \e[33m$password\e[0m, let it blank to use default password: "

read passwordtmp

if [[ -n "$passwordtmp" ]]; then

password=$passwordtmp

fi


clear


#打印配置參數

clear

echo "Server IP:"

echo "$serverip"

echo

echo "Server Local IP:"

echo "$iprange.1"

echo

echo "Client Remote IP Range:"

echo "$iprange.10-$iprange.254"

echo

echo "PSK:"

echo "$mypsk"

echo "ms-dns: ${clientdns} "

echo "ms-dns: ${clientdns02} "

echo

echo "Press any key to start..."


get_char() {

SAVEDSTTY=`stty -g`

stty -echo

stty cbreak

dd if=/dev/tty bs=1 count=1 2> /dev/null

stty -raw

stty echo

stty $SAVEDSTTY

}

char=$(get_char)

clear

mknod /dev/random c 1 9


#更新組件

yum update -y


#安裝epel源

yum install epel-release -y


#安裝依賴的組件

yum install -y openswan ppp pptpd xl2tpd wget


#創建ipsec.conf配置文件

\cp /etc/ipsec.conf /etc/ipsec.conf.bak

cat >/etc/ipsec.d/l2tp.conf<<EOF

conn L2TP-PSK-NAT

rightsubnet=vhost:%priv

also=L2TP-PSK-noNAT


conn L2TP-PSK-noNAT

authby=secret

pfs=no

auto=add

keyingtries=3

rekey=no

ikelifetime=8h

keylife=1h

type=transport

left=$serverip

leftid=$serverip

leftprotoport=17/1701

right=%any

rightprotoport=17/%any

dpddelay=40

dpdtimeout=130

dpdaction=clear

leftnexthop=%defaultroute

rightnexthop=%defaultroute

ike=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256

phase2alg=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256

sha2-truncbug=yes

EOF


#設置預共享密鑰配置文件

\cp /etc/ipsec.secrets /etc/ipsec.secrets.bak

cat >/etc/ipsec.d/l2tp.secrets<<EOF

#include /etc/ipsec.d/*.secrets

$serverip %any: PSK "$mypsk"

EOF


#創建pptpd.conf配置文件

\cp /etc/pptpd.conf /etc/pptpd.conf.bak

cat >/etc/pptpd.conf<<EOF

#ppp /usr/sbin/pppd

option /etc/ppp/options.pptpd

#debug

# stimeout 10

#noipparam

logwtmp

#vrf test

#bcrelay eth1

#delegate

#connections 100

localip $iprange.2

remoteip $iprange.200-254

EOF


#創建xl2tpd.conf配置文件

\cp /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bak

[ -d /etc/xl2tpd ] || mkdir -p /etc/xl2tpd

cat >/etc/xl2tpd/xl2tpd.conf<<EOF

[global]

listen-addr = $serverip

auth file = /etc/ppp/chap-secrets

port = 1701

[lns default]

ip range = $iprange.10-$iprange.199

local ip = $iprange.1

refuse chap = yes

refuse pap = yes

require authentication = yes

name = L2TPVPN

ppp debug = yes

pppoptfile = /etc/ppp/options.xl2tpd

length bit = yes

EOF


#創建options.pptpd配置文件

[ -d /etc/ppp ] || mkdir -p /etc/ppp

\cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak

cat >/etc/ppp/options.pptpd<<EOF

name pptpd


refuse-pap

refuse-chap

refuse-mschap


require-mschap-v2


require-mppe-128


ms-dns ${clientdns}

ms-dns ${clientdns02}


proxyarp


lock

nobsdcomp

novj

novjccomp

nologfd

EOF


#創建options.xl2tpd配置文件

\cp /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.bak

cat >/etc/ppp/options.xl2tpd<<EOF

ipcp-accept-local

ipcp-accept-remote

require-mschap-v2

ms-dns ${clientdns}

ms-dns ${clientdns02}

asyncmap 0

auth

#crtscts

#lock

hide-password

#modem

debug

name l2tpd

proxyarp

lcp-echo-interval 30

lcp-echo-failure 4

mtu 1400

noccp

connect-delay 5000

EOF


#創建chap-secrets配置文件,即用戶列表及密碼

rm -f /etc/ppp/chap-secrets

cat >>/etc/ppp/chap-secrets<<EOF

# Secrets for authentication using CHAP

# client server secret IP addresses

#$username pptpd $password *

$username l2tpd $password *

EOF


#修改系統配置,允許IP轉發

sysctl -w net.ipv4.ip_forward=1

sysctl -w net.ipv4.conf.all.rp_filter=0

sysctl -w net.ipv4.conf.default.rp_filter=0

sysctl -w net.ipv4.conf.$eth.rp_filter=0

sysctl -w net.ipv4.conf.all.send_redirects=0

sysctl -w net.ipv4.conf.default.send_redirects=0

sysctl -w net.ipv4.conf.all.accept_redirects=0

sysctl -w net.ipv4.conf.default.accept_redirects=0


cat >>/etc/sysctl.conf<<EOF


net.ipv4.ip_forward = 1

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.$eth.rp_filter = 0

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

EOF


#允許防火墻端口

cat >>/usr/lib/firewalld/services/pptpd.xml<<EOF

<?xml version="1.0" encoding="utf-8"?>

<service>

<short>pptpd</short>

<description>PPTP and Fuck the GFW</description>

<port protocol="tcp" port="1723"/>

</service>

EOF


cat >>/usr/lib/firewalld/services/l2tpd.xml<<EOF

<?xml version="1.0" encoding="utf-8"?>

<service>

<short>l2tpd</short>

<description>L2TP IPSec</description>

<port protocol="udp" port="500"/>

<port protocol="udp" port="4500"/>

<port protocol="udp" port="1701"/>

</service>

EOF


firewall-cmd --reload

firewall-cmd --permanent --add-service=pptpd

firewall-cmd --permanent --add-service=l2tpd

firewall-cmd --permanent --add-service=ipsec

firewall-cmd --permanent --add-masquerade

firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -p tcp -i ppp+ -j TCPMSS --syn --set-mss 1356

firewall-cmd --reload

#iptables --table nat --append POSTROUTING --jump MASQUERADE

#iptables -t nat -A POSTROUTING -s $iprange.0/24 -o $eth -j MASQUERADE

#iptables -t nat -A POSTROUTING -s $iprange.0/24 -j SNAT --to-source $serverip

#iptables -I FORWARD -p tcp –syn -i ppp+ -j TCPMSS –set-mss 1356

#service iptables save


#允許開機啟動

systemctl enable pptpd ipsec xl2tpd

systemctl restart pptpd ipsec xl2tpd

clear


#測試ipsec

ipsec verify


printf "

#############################################################

如果測試出現[FAILED],請再次ipsec verify測試

若是測試成功,請用以下賬號密碼連接

若是連接出錯,請查看message日誌.


ServerIP: $serverip

username: $username

password: $password

PSK: $mypsk

"

vpn搭建腳本,l2tp,centos7

相關推薦

vpn搭建,l2tp,centos7

vpn ppp l2tp 本腳本有些是來自網上的參數,經過測成功才發不出來#!/bin/bashPATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/binexport PATHexport LANG=zh_CN.U

LAMP平臺搭建

lamp腳本#!/bin/bash DATE=`date +%F_%T` #源碼包編譯安裝搭建LAMP平臺的。 #本腳本所需軟件包:cmake-2.8.11.2.tar.gz mysql-5.5.22.tar.gz #httpd-2.2.17.tar.gz php-5.3.28.tar.gz #l

服務器環境搭建

url hhvm com es2017 apach 出現 sql 安裝 ges yum -y install wget screen curl python #for CentOS/Redhat # apt-get -y install wget screen curl p

ftp服務搭建和客戶端ftp自動上傳

被動模式 rgb fault virt otto shadow bak 安裝腳本 ssa linux服務器搭建ftp服務腳本(在centos6.5和centos7上測試通過)(該腳本沒有進行判斷,需要自行清理環境)(該腳本只允許上傳不允許下載,不允許使用匿名用戶和本地用戶登

Oracle 11g 快速搭建

start sid tac custom png 11.2 led init scu 一、root用戶 1、安裝前準備 mv /home/vsftpd/linux.x64_11gR2_database_* /tmp && cd /tmp unzip lin

Ubuntu伺服器下VPN搭建PPTP、L2TP完整教程

       最近一段時間在給公司搭建遠端虛擬網路,就是VPN。貧僧是在對網路知識近乎為0的情況下,一臉懵逼的接下了這個工作。然後就是百度百度,谷歌谷歌,無數次出錯無數次崩潰,最後已經準備破罐子破摔不想繼續了。       我以為是領導手把手教我,誰知道是直接丟給我一個活讓

kvm 創建虛擬機centos7

qcow 分配 自動 gre 目前 rep cati 例如 存在 #!/bin/bash #創建單個虛擬機(需要電腦中存在模板虛擬機) #獲取新虛擬機名稱(單個創建模式) get_newname(){ while true do

nginx服務搭建

stub deb scrip sub 根據 oca reload $path 模塊 #!/bin/bash # 安裝依賴包,gcc gcc-c++是編譯必裝的工具包。而其他包是根據安裝的模塊依賴的包 yum -y install gcc gcc-c++ pcre-d

MySQL 5.7.26一鍵安裝CentOS7.4適用

devel 5.5 system adb mysql 5.7 root pat href comm #!/bin/bash#########MySQL5.7RPM auto install####################2019-5-2###############

Centos7搭建pptp VPN一鍵安裝

sdn bsp 長度 登錄 title 無法 att -s 其他 Centos7搭建pptp一鍵安裝腳本 廢話不多說,先上腳本地址:Centos7一鍵pptp 使用: wget https://raw.githubusercontent.com/DanylZhang/

centos7-pptp-vpn,用的是firewall 防火墻

centos pptp vpn linux#!/bin/bash # [ $(id -u) != "0" ] && { echo "Error: You must be root to run this script"; exit 1; } export PATH=/usr/local/sb

centos7 L2TP/ipsec vpn搭建

centos7 L2TP/IPSEC vpn搭建 公司原來的伺服器是pptp+freeaduis。後來由於蘋果更新系統IOS無法接入PPTP模式伺服器,所以研究了這個L2TP/IPSEC的VPN,查找了很多資料終於成功。記錄下來以後自己備查。 1.安裝相關軟體包 安裝必要的開發包 在Cen

linux下搭建rocketmq(附服務

linux mq rocketmq rocketmq腳本 此文檔安裝的是rocketmq當前最新版本rocketmq v4.0.0,當時阿裏已經把rocketmq捐贈給了apache組織,為什麽要特別指明這一點,因為在下載、安裝和服務腳本中有個別不同的地方。這是本人第一篇博客,如果排版不是很清

CentOS7添加需要開機啟動的

centos7 開機腳本1、修改開機腳本添加文件的權限[[email protected]/* */ ~]# cat /etc/rc.d/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is

CentOS7本地yum源一鍵配置

centos7mkdir /mnt/cdrom -pmount /dev/cdrom /mnt/cdromecho "mount /dev/cdrom /mnt/cdrom" >>/etc/rc.localmkdir /etc/yum.repos.d/yumbakmv /etc/yum.repos

轉載:monkeyrunner之eclipse中運行monkeyrunner之環境搭建(四)

導包 rep 是把 body tle cnblogs 9.png 解決方法 align 轉載自:lynnLi 的monkeyrunner之eclipse中運行monkeyrunner腳本之環境搭建(四) monkeyrunner腳本使用Python語法編寫,但它實際上是通

LinuxserverJboss執行環境搭建步驟和開機自己主動啟動編寫執行

web bin 路徑 for scrip 環境變量 pro app 版本號 Jboss執行環境:Linux+Jdk+Jboss+jsp系統Jboss軟件說明:相似於Tomcat。就是一個跑Jsp系統的環境,他的網站路徑跟Tomcat相似,Tomcat存放網站文件到web

L2TP/IPSec一鍵安裝

centos 6 tun librtmp iptable 4.4 dap ctrl+c 一鍵 content 本腳本適用環境:系統支持:CentOS6+,Debian7+,Ubuntu12+內存要求:≥128M更新日期:2017 年 05 月 28 日 關於本腳本:名詞解釋

性能測試——jmeter環境搭建,錄制,jmeter參數化CSV

filename dex src oracl rec 性能 設置 weather jdk 一、Jmeter+jdk環境搭建 1.http://www.oracle.com/technetwork/java/javase/downloads/index

centos7 添加Nginx啟動

nginx[Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network.target remote-fs.target nss-lookup.target